AWS

In love w CloudSec

Configuration

Create a Root and IAM user
IAM user must have a custom password set along with Secret Key and an Access ID generated
Under IAM create a normal user assigned with AdministratorAccess and a misconfigured S3 bucket having public access over it's objects
Meanwhile access the aws-console via awscli

$ aws configure --profile demo-user
AWS Access Key ID [None]:
AWS Secret Access Key [None]:
....

Now the keys will be stored under .aws/credentials - To confirm we can query

$ aws iam get-user --profile demo-user
{
    "User": {
        "Path": "/",
        "UserName": "demo-user",
        "UserId": "*******************",
        "Arn": "arn:aws:iam::***********:user/demo-user",
        "CreateDate": "2023-09-18T09:07:45+00:00",
        "PasswordLastUsed": "2023-09-18T09:08:21+00:00"
    }
}

We can now interact with the misconfigured S3 bucket

$ aws s3 ls --profile demo-user        // To list the buckets
2023-09-18 14:41:53 securebucketnxg

$ aws s3 ls s3://securebucketnxg --profile demo-user    // List the objs inside the public bucket
2023-09-18 14:42:37     242687 IoT.pdf

$ aws s3 sync s3://securebucketnxg output_dir --profile demo-user     // Download objs

So far we've tested or dumped the contents within the IAM user and buckets, what if an unknown user finds a bucket name ? How would he approach it ?

You guessed it, it's actually the same way and he would get the objects within the bucket if its publicly exposed

S3 Bucket - Best Practice

Navigate to Amazon S3 > Buckets > securebucketnxg > IoT.pdf > Edit access control list

After unchecking

Everyone
Anyone with AWS account

No unknown user can list the objects within the S3 bucket - Best Practice !

$ aws s3 ls s3://securebucketnxg --profile different_user
An error occurred (AccessDenied) when calling the ListObjectsV2 operation: Access Denied

Launch an EC2 Instance

Search for EC2
Generate a Key-Pair - can be accessed via ssh or putty
Launch a simple instance with the default inbound rules (as of now)

$ chmod 400 cashserver.pem
$ ssh -i "cashserver.pem" ec2-user@ec2-13-x-38-x.eu-north-1.compute.amazonaws.com

PreviousNgnix Deployment NextCloud Breach S3

Last updated 1 year ago

$ aws iam get-user --profile demo-user { "User": { "Path": "/", "UserName": "demo-user", "UserId": "*******************", "Arn": "arn:aws:iam::***********:user/demo-user", "CreateDate": "2023-09-18T09:07:45+00:00", "PasswordLastUsed": "2023-09-18T09:08:21+00:00" } }

$ aws s3 ls --profile demo-user // To list the buckets 2023-09-18 14:41:53 securebucketnxg $ aws s3 ls s3://securebucketnxg --profile demo-user // List the objs inside the public bucket 2023-09-18 14:42:37 242687 IoT.pdf $ aws s3 sync s3://securebucketnxg output_dir --profile demo-user // Download objs